Deloitte publishes six control principles for financial services blockchains

Blockchain technology has so far been discussed outside traditional institutional governance, accounting and legal frameworks and there is a need for controls to ensure that these long-standing practices and working principles are protected and disruption is minimised, according to the Blockchain Control Principles Report, published by Deloitte today...

Commenting on the report, Lory Kehoe, EMEA Blockchain Lab Lead at Deloitte said: “Blockchain has attracted significant attention from the financial services industry in EMEA and around the globe with many organisations exploring different structures and governance models as they move from exploration to implementation. It is becoming more critical to look at blockchain implementation from a holistic, not just IT standpoint, and to ensure that consideration is given to each key control principle and the impact they may have on the entire organisation. Failure to consider these principles, or to consider them in isolation, may become riskier as alignment between business and IT is critical for successful implementation of this new and powerful technology.”

In particular, researchers and investors are increasingly interested in the transformative and disruptive ability of this technology to: facilitate an exchange of value; enable the safe storage of value; achieve operational efficiencies; secure cost savings; increase industry transparency; and enhance customer experiences.

With this in mind, Deloitte has considered what it deems essential to the widespread adoption of blockchain technology within the financial community in the long term and has published six control principles for financial services blockchains. These are:

Best practice standard for blockchain development: This principle looks at critical standards including governance, law, regulation and standards, particularly in relation to developing appropriate structures for blockchain adoption and governance models which must be considered for consortia, joint ventures and statutory organisations.

Interoperability and system integration controls: This considers the introduction of blockchain into an enterprise and the need to ensure that it is capable of integrating and interoperating with other systems, including other blockchain solutions or technologies. There is particular focus on four key areas: security considerations, integration with legacy systems, data integration and security mechanisms.

Audit rules: This principle considers how the audit function will transform as a result of blockchain implementation. Deloitte believes that the use of blockchain platforms will not remove audits, nor the need for an independent auditor; rather, it will transform the way in which audits extract, test and analyse data. Layering blockchain technology with audit analytics could yield standardised, sophisticated audit routines and analysis that enable near real-time evaluation of transactions across the blockchain. In particular, it reviews the immutable record, auditing smart contracts, technical controls and audit transformation.

Cybersecurity controls: Blockchain is intrinsically linked with cybersecurity considerations. This principle explores cybersecurity considerations related to the cryptographic and immutable nature of blockchain technology; they include key management, the risk of an attacker overpowering a private blockchain, centralisation of authority within the network, and privacy and the right to be forgotten.

Enhancement of traditional ICT protocols: Information and Communication Technology (ICT) encompasses automated means of originating, processing, storing and communicating information, and it covers recording devices, communications networks, computer systems and other electronic devices. Management of this infrastructure calls for a specific set of procedures to guarantee that risks related to technology can be identified, measured, monitored and controlled. This principle dives deeper into several shifts that must be considered, including security management, systems development and change management, and information processing.

Business continuity planning and blockchain: Ensuring high quality business continuity planning for blockchain solutions will involve collation and aggregation of these existing processes into a unified package. Some considerations include the business continuity plan itself, BCP with Public Key Infrastructure (PKI), BCP of network nodes and security specialists.